CVE-2023-50294

Summary

The App Settings (/admin/app) page in GROWI versions prior to v6.0.6 stores sensitive information in cleartext form. As a result, the Secret access key for external service may be obtained by an attacker who can access the App Settings page.

Affected Software

VendorProductVersion RangeStatus
WESEEK, Inc.GROWIprior to v6.0.6affected

Weaknesses

  • Cleartext storage of sensitive information

ADP Enrichment

CVE Program Container

Additional References

References